Financial Account Aggregation

Three years ago, I wrote a blog post entitled Internet Security Rule One about the stupidity of sharing your passwords with anyone. I finished that post with a joke.

Look, I’ll tell you what. I’ve got a really good idea for an add-on for your online banking service. Just leave the login details in a comment below and I’ll set it up for you.

It was a joke because it was obviously ridiculous. No-one would possibly think it was a good idea to share their banking password with anyone else.

I should know not to make assumptions like that.

Yesterday I was made aware of a service called Money Dashboard. Money Dashboard aggregates all of your financial accounts so that you can see them all in one convenient place. They can then generate all sorts of interesting reports about where your money is going and can probably make intelligent suggestions about things you can do to improve your financial situation. It sounds like a great product. I’d love to have access to a system like that.

There’s one major flaw though.

In order to collect the information they need from all of your financial accounts, they need your login details for the various sites that you use. And that’s a violation of the Internet Security Rule One. You should never give your passwords to anyone else – particularly not passwords that are as important as your banking password.

I would have thought that was obvious. But they have 100,000 happy users.

Of course they have have a page on their site telling you exactly how securely they store your details. They use “industry-standard security practices”, their application is read-only “which means it cannot be used for withdrawals, payments or to transfer your funds”. They have “selected partners with outstanding reputations and extensive experience in security solutions”. It all sounds lovely. But it really doesn’t mean very much.

It doesn’t mean very much because at the heart of their system, they need to log on to your bank’s web site pretending to be you in order to get hold of your account information. And that means that no matter how securely they store your passwords, at some point they need to be able to retrieve them in plain text so they can use them to log on to your banks web site. So there must be code somewhere in their system which punches through all of that security and gets the string “pa$$word”. So in the worst case scenario, if someone compromises their servers they will be able to get access to your passwords.

If that doesn’t convince you, then here’s a simpler reason for not using the service. Sharing your passwords with anyone else is almost certainly a violation of your bank’s terms and conditions. So if someone does get your details from Money Dashboard’s system and uses that information to wreak havoc in your bank account – good luck getting any compensation.

Here, for example, are First Direct’s T&Cs about this (in section 9.1):

You must take all reasonable precautions to keep safe and prevent fraudulent use of any cards, security devices, security details (including PINs, security numbers, passwords or other details including those which allow you to use Internet Banking and Telephone Banking).

These precautions include but are not limited to all of the following, as applicable:


  • not allowing anyone else to have or use your card or PIN or any of our security devices, security details or password(s) (including for Internet Banking and Telephone Banking) and not disclosing them to anyone, including the police, an account aggregation service that is not operated by us

Incidentally, that “not operated by us” is a nice piece of hubris. First Direct run their own account aggregation service which, of course, they trust implicitly. But they can’t possibly trust anybody else’s service.

I started talking about this on Twitter yesterday and I got this response from the @moneydashboard account. It largely ignores the security aspects and concentrates on why you shouldn’t worry about breaking your bank’s T&Cs. They seem to be campaigning to get T&Cs changed so allow explicit exclusions for sharing passwords with account aggregation services.

I think this is entirely wrong-headed. I think there is a better campaign that they should be running.

As I said above, I think that the idea of an account aggregation service is great. I would love to use something like Money Dashboard. But I’m completely unconvinced by their talk of security. They need access to your passwords in plain text. And it doesn’t matter that their application only reads your data. If someone can extract your login details from Money Dashboard’s systems then they can do whatever they want with your money.

So what’s the solution? Well I agree with one thing that Money Dashboard say in their statement:

All that you are sharing with Money Dashboard is data; data which belongs to you. You are the customer, you should be telling the bank what to do, not the other way around!

We should be able to tell our banks to share our data with third parties. But we should be able to do it in a manner that doesn’t entail giving anyone full access to our accounts. The problem is that there is only one level of access to your bank account. If you have the login details then you can do whatever you want. But what if there was a secondary set of access details – ones that could only read from the account?

If you’ve used the web much in recent years, you will have become familiar with this idea. For example, you might have wanted to give a web app access to your Twitter account. During this process you will be shown a screen (which, crucially, is hosted on Twitter’s web site, not the new app) asking if you want to grant rights to this new app. And telling you which rights you are granting (“This app wants to read your tweets.” “This app wants to tweet on you behalf.”) You can decide whether or not to grant that access.

This is called OAuth. And it’s a well-understood protocol. We need something like this for the finance industry. So that I can say to First Direct, “please allow this app to read my account details, but don’t let them change anything”. If we had something like that, then all of these problems will be solved. The Money Dashboard statement points to the Financial Data and Technology Association – perhaps they are the people to push for this change.

I know why Money Dashboard are doing what they are doing. And I know they aren’t the only ones doing it (Mint, for example, is a very popular service in the US). And I really, really want what they are offering. But just because a service is a really good idea, shouldn’t mean that you take technical short-cuts to implement it.

I think that the “Financial OAuth” I mentioned above will come about. But the finance industry is really slow to embrace change. Perhaps the Financial Data and Technology Association will drive it. Perhaps one forward-thinking bank will implement it and other bank’s customers will start to demand it.

Another possibility is that someone somewhere will lose a lot of money through sharing their details with a system like this and governments will immediately close them all down until a safer mechanism is in place.

I firmly believe that systems like Money Dashboard are an important part of the future. I just hope that they are implemented more safely than the current generation.



General Election in Battersea

There’s a General Election coming up. And I’m really not sure who I’m going to vote for. But that’s ok because this is going to be the UK’s first Election Campaign 2.0 where candidates and voters are going to be in constant two-way communication through the medium of the interweb. All I need to do is to hook up to the web feeds generated by all of my local candidates and within hours I’ll be able to make up my mind.

Or something like that.

Those nice people from YourNextMP have a list of the candidates currently standing in Battersea. Of course it might not be complete yet as candidates still have a few more days to register. But it’s enough to be going on with.

Let’s start with the current MP. Martin Linton has one of the smallest majorities in the country. In 2005 he beat Tory candidate Dominic Schofield by only 163 votes. Battersea has had a few boundary tweaks and that majority has been re-estimated to 332. Anyway, it’s small and you’d think that Martin Linton would be keen to get his message out to as many people as possible. I had him knocking on my door a couple of weeks ago and he’s sent me a letter telling me how to contact him during the campaign. But he doesn’t exactly appear to have embraced the digital era. He has a web site, of course, but there’s no web feed for it. If you go to the news page on the site, then there is a web feed but you have to view the page source in order to find it [Update: I was being slightly unfair there. The page does have autodiscovery configured correctly for the web feed – it just doesn’t seem to work in my version of Google Chrome. I see the web feed icon in Firefox]. The stories on the news page aren’t dated, but by reading the web feed you can see that the page was last updated on March 26th. Nothing at all since the election was called. He also has a Twitter page, but that was set up in February and has six entries, the last of which was posted on March 29th. All very disappointing.

But perhaps this lack off digital effort by Martin Linton can be explained by the even greater lack of effort made by his biggest rival, the Conservative candidate Jane Ellison. She has a web site, but as far as I can see there are no web feeds on it at all. Oh, actually, she republishes two on her news page – one from the Wandsworth Conservatives and one from the borough council (which is run by the Conservatives). I can find no other trace at all of digital engagement from Ms Ellison. No blog, no Twitter page, no Flickr account. Nothing to to get her message out to the digital natives of Battersea.

Moving to the other extreme, we should now look at Layla Moran, the Liberal Democrat candidate. Ms Moran seems to have more internet presence than all of the other candidates combined. She has a web site, a Twitter page, a Flickr account and a YouTube account. And they all have web feeds. And she uses all of these methods to get her message out and interact with people. In particular, she’s very active on Twitter and she responds to many messages that people send her there. I might not end up voting for her, but it certainly won’t be because I don’t know anything about her.

Next we come to Guy Evans of the Green Party. Guy doesn’t even have web site. Perhaps Green Party policy is that computers are bad for the environment. But that also seems to be true of David Priestly of the Official Monster Raving Loony Party and Nicholas Rogers of the Jury Team. I can’t find any kind of internet presence for either of them.

That leaves us with the two independent candidates in the Battersea election. Tom Cox and Hugh Salmon. Cox seems to be winning on number of feeds (he has a blog, a Twitter page and a YouTube account) but he doesn’t seem to use any of them much. Salmon, on the other hand, only has a blog and a Twitter account, but his Twitter account is pretty active – certainly more active than Linton or Fox but nowhere near as active as Moran.

So we have (currently) eight candidates. And between them I’ve managed to find eleven web feeds). And what do you do when you have a number of web feeds that you want to follow? Of course you build a planet. So here’s my new Battersea GE2010 page which monitors and aggregates all of the feeds I’ve discussed above. Yes, my web design skills are rather rudimentary. Please offer to help if you think you can do better. And if you know of any candidates or feeds that I’ve missed, then please let me know.

There’s no reason why this approach couldn’t be used elsewhere. I built the page with Perlanet, which is free software so you could build something similar for your constituency. And there’s plenty of other tools for doing the same thing. Let me know if you do. I’ll set up a directory or something.

If this is supposed to be the first truely digital General Election then let’s see how true that is. From what I can see in Battersea, we’ve still got some distance to go. Maybe things will change in the next three weeks.


Competition is Good

For over two years, I’ve been running Planet Westminster. It’s a simple site which aggregates blog postings from all UK MPs. I built it in an afternoon (based on my software Perlanet) and have tweaked it here and there since then. I always thought that it would good to have it working well before next year’s election campaign gets under way as I think that blogs will be an important part of that election.

This morning, I see that I’m not the only one with that idea. Blogminster is doing the same thing. And the annoying thing is that it seems to be doing it better than me. Not only does it just look nicer than my site (I never claimed to be a web designer!) but it has some really nice features – for example the ability to show just the blogs of MPs for just one party. They also have more MPs on their list than I have – it’s been a while since I did one of my sporadic trawls to find new MPs’ blogs. But that’s ok, I can just steal details from their list.

But I really need to put some effort into improving my site. Some things I’d like to do:

  • Make it look prettier
  • Just display the latest entry from each MP
  • Have filtered pages for each party
  • Have a separate page for each MP showing previous entries
  • Have an option to not display all of each entry (some MPs can write a lot)

There are also some things I need to work out with the parsing of the data and the formatting of the output.

Some of these improvements will also be useful to other people using Perlanet. Some of them are probably going to need to be custom built for this site.

It’s clear that I got the site to a “just barely usable” state and have largely ignored it since. I’ve proved that the concept works and is useful, but it’s not really in a suitable condition to be shared with the world. That needs to change.

If you have any interest in getting involved in fixing the site, then please let me know. I’m particularly interested in anyone who can make it look nicer.



It’s nine years since I registered the domain and set up a web site there. And I’ve never really known what to do with it. Since I started blogging, it’s seemed even less useful. The blog front page was where all the interesting stuff happened. The main page just contained links to a few bad jokes and a couple of useful sub-sites. For years I just tinkered with the design a bit, but I was never really happy with it. Sometime early in 2005 I rewrote it so that it took a lot of its content from various RSS feeds that I published. But the code to do that was a really nasty hack which I’ve wanted to rewrite since the day I first wrote it.

A few weeks ago, I wrote Perlanet which is a simple program for aggregating web feeds and republishing the results. As I had some spare time yesterday, I rewrote the front page using Perlanet to do most of the heavy lifting. It now contains the full text of the most recent entries from my various blogs, together with examples of my latest flickr uploads and list of recent twitters and delicious links. It’ll be simple to add other feeds to the mix in the future.

I realise that this isn’t exactly new. People have had sites like this for years. But I’m happy at how quickly I managed to build this and happier that it shows that Perlanet is as flexible as I wanted it to me. I’m also pretty happy with the way that it looks (although that is, I suspect, more to do with the Boilerplate CSS framework than my design skills).

I’ve also started to publish a number of Atom feeds. As you’ll see from the top right of the new page, there is one feed containing the blog entries, one containing the shorter stuff, one for photos (that’s just the original flickr feed but it might be expanded in the future) and one that contains everything (that’s the planet davorg feed). That allows readers a bit more flexibility over what content they subscribe to.

Oh, and I’ve also taken the opportunity to remove the links to all the old jokes. The pages are still there if you know where to look, but Google Analytics tells me that they won’t be missed.